Opened 5 years ago

Closed 5 years ago

#15088 closed defect (fixed)

Add the wait4() syscall to the seccomp sandbox

Reported by: sanic
Owned by:
Priority: Medium
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.5.10
Severity:
Keywords: tor-relay seccomp 025-backport
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Tor version 0.2.5.10 seems to call wait4() upon receiving SIGHUP, and this violates the seccomp sandbox rules in sandbox.c, crashing the tor process.

Trace from tor's log on debug loglevel, right after /etc/init.d/tor reload:

============================================================ T= 1425215692
(Sandbox) Caught a bad syscall attempt (syscall wait4)
/usr/bin/tor(+0x12f4f1)[0x4273cf44f1]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/lib64/libc.so.6(waitpid+0x1a)[0x3423957b1da]
/usr/bin/tor(notify_pending_waitpid_callbacks+0x4a)[0x4273cf42da]
/usr/bin/tor(process_signal+0x4ad)[0x4273bfb96d]
/usr/lib64/libevent-2.0.so.5(event_base_loop+0x99e)[0x3423a111a6e]
/usr/bin/tor(do_main_loop+0x1ad)[0x4273bfa77d]
/usr/bin/tor(tor_main+0x1875)[0x4273bfd755]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x342394e2d55]
/usr/bin/tor(+0x31c49)[0x4273bf6c49]
Mar 01 16:14:52.000 [info] cpuworker_main(): read request failed. Exiting.

The patch is as simple as adding wait4() to the whitelist:

diff -Naur tor-0.2.5.10/src/common/sandbox.c tor-0.2.5.10.new/src/common/sandbox.c
--- tor-0.2.5.10/src/common/sandbox.c
+++ tor-0.2.5.10.new/src/common/sandbox.c
@@ -119,6 +119,7 @@
     SCMP_SYS(epoll_wait),
     SCMP_SYS(fcntl),
     SCMP_SYS(fstat),
+    SCMP_SYS(wait4),
 #ifdef __NR_fstat64
     SCMP_SYS(fstat64),
 #endif
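
Review bot: The new `SCMP_SYS(wait4)` entry is placed between `SCMP_SYS(fstat)` and the `#ifdef __NR_fstat64` block, which splits the fstat/fstat64 pair and breaks the alphabetical order that the surrounding entries (epoll_wait, fcntl, fstat) follow. Move it to its alphabetical position outside the fstat group, and add a one-line comment saying why it is needed: the trace in the description shows waitpid() in notify_pending_waitpid_callbacks() reaching the wait4 syscall from process_signal(). Since the entry allows wait4 with no argument restriction, it is also worth confirming that this list is the one intended for unconditionally permitted syscalls.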

Change History (4)

comment:1 Changed 5 years ago by nickm

Keywords: tor-relay seccomp 025-backport added
Milestone: Tor: 0.2.6.x-final

comment:2 Changed 5 years ago by nickm

Milestone: Tor: 0.2.6.x-final → Tor: 0.2.5.x-final

Merged to 0.2.6, marking for possible backport.

comment:3 Changed 5 years ago by nickm

(The branch is bug15088_025)

comment:4 Changed 5 years ago by nickm

Resolution: fixed
Status: new → closed

Merged into 0.2.5.